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A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 
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- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S. C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1 )S Responsive to communication(s) filed on 16 August 2001 . 
2a)D This action is FINAL. 2b)K This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

4) 03 Claim(s) 1-88 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) S Claim(s) 1^88 is/are rejected. 

7) ^] Claim(s) 88 is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 
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9) D The specification is objected to by the Examiner. 

10)^ The drawing(s) filed on 16 August 2001 is/are: a)D accepted or b)^ objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1 .121(d). 
1 1 )□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-1 52. 

Priority under 35 U.S.C. § 119 
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1 .□ Certified copies of the priority documents have been received. 

2. Q Certified copies of the priority documents have been received in Application No. . 

3. Q Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 



Double Patenting 

1 . The nonstatutory double patenting rejection is based on a judicially 
created doctrine grounded in public policy (a policy reflected in the statute) so as 
to prevent the unjustified or improper timewise extension of the "right to exclude" 
granted by a patent and to prevent possible harassment by multiple assignees. 
See In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re 
Long/', 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 
F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 
USPQ 619 (CCPA 1970);and, In re Thorington, 418 F.2d 528, 163 USPQ 644 
(CCPA 1969). 

A timely filed terminal disclaimer in compliance with 37 CFR 1 .321 (c) may 
be used to overcome an actual or provisional rejection based on a nonstatutory 
double patenting ground provided the conflicting application or patent is shown to 
be commonly owned with this application. See 37 CFR 1 .130(b). 

Effective January 1 , 1994, a registered attorney or agent of record may 
sign a terminal disclaimer. A terminal disclaimer signed by the assignee must 
fully comply with 37 CFR 3.73(b). 



2. Claims 1-88 provisionally rejected under the judicially created doctrine of 
obviousness-type double patenting as being unpatentable over claims 1-89 of 
copending Application No. 09/930164. Although the conflicting claims are not 
identical, they are not patentable distinct from each other because the limitation 
of copending Application No. 09/930164 is overlapping the limitation of 
copending Application No. 09/930272. 

This is a provisional obviousness-type double patenting rejection because 
the conflicting claims have not in fact been patented. 



Specification 
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3. The lengthy specification has not been checked to the extent necessary to 
determine the presence of all possible minor errors. Applicant's cooperation is 
requested in correcting any errors of which applicant may become aware in the 
specification. 

Drawings 

4. Figures 1-3 should be designated by a legend such as -Prior Art- 
because only that which is old is illustrated. See MPEP § 608.02(g). Corrected 
drawings in compliance with 37 CFR 1.121(d) are required in reply to the Office 
action to avoid abandonment of the application. The replacement sheet(s) should 
be labeled "Replacement Sheet" in the page header (as per 37 CFR 1.121(d)) so 
as not to obstruct any portion of the drawing figures. If the changes are not 
accepted by the examiner, the applicant will be notified and informed of any 
required corrective action in the next Office action. The objection to the drawings 
will not be held in abeyance. 

Claim Objections 

5. Claim 88 is objected to because of the following informalities: "an 
network" appears to be a typo error for --a network-. Appropriate correction is 
required. 



Claim Rejections - 35 USC § 102 
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6. The following is a quotation of the appropriate paragraphs of 35 
U.S.C. 102 that form the basis for the rejections under this section made in this 

Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 
122(b), by another filed in the United States before the invention by the applicant for patent or 
(2) a patent granted on an application for patent by another filed in the United States before 
the invention by the applicant for patent, except that an international application filed under 
the treaty defined in section 351 (a) shall have the effects for purposes of this subsection of an 
application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

7. Claims 1 , 3, 7-8, 18-23, 49, 53, 58, and 73 are rejected under 35 
U.S.C. 102(e) as being anticipated by Gleichauf et al., U.S. Patent Number 
6,499,107 (hereinafter Gleichauf). 

8. Taking claim 1 as an exemplary claim, Gleichauf teaches a method of 
delivering a network service (figure 2), the method comprising: 

■ receiving a data packet, the data packet including a service address 
and a payload (item 18 of figure 2; and column 4, lines 50-67 i.e. router 
is capable of receiving packet among the internal or external network); 

■ identifying a plurality of network applications associated with the 
service address of the data packet (item 18 of figure 2 i.e. router has 
routing table which identify a plurality of network application based on 
the service address), the plurality of network applications associated 
with the service address including a first network application (item 20 
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of figure 2 i.e. IDS), a second network application (item 16 of figure 2), 
and a third network application (item 12 of figure 2); 

■ sending at least the payload of the data packet to the first network 
application (figure 2 i.e. IDS capture and monitor packet. Therefore, 
router must be capable of sending packet to IDS); 

■ sending at least the payload of the data packet to the second network 
application (figure 2; column 4, lines 60-67; and column 5, lines 48-57); 

■ receiving a second network application response packet from the 
second network application (figure 2 i.e. router must be capable of 
receiving an outgoing package from firewall); and 

■ sending a third network application packet to the third network 
application, the third network application packet based at least in part 
on the second network application response packet (column 5, line 48- 
57; and item 18 of figure 2 i.e. router must be capable of sending 
packages to workstation through firewall which interpret as the 
workstation is capable of receiving packets based on the firewall 
respond). 

9. With respect to claim 3, Gleichauf further teaches receiving a third network 
application response packet from the third network application (item 10 i.e. 
workstation is capable of sending packet to router); and sending a service 
response packet to a source address of the data packet, the service response 
packet based at least in part on the third network application response packet 
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(figure 2 i.e. inside is capable sending a respond packet from workstation to 
outside). 

1 0. With respect to claim 7, Gleichauf further teaches the first network 
application has a first network application address and the second network 
application has a second network application address (items 20 and 16 of figure 
2 i.e. the first and second network application addresses are inherent. "Router is 
of a type know in the field of network, making connections between networks at 
the transport layer of the OSI model. Router decides whether to forward a 
packet by examining the packet's protocol level addresses. Router is capable of 
handling any datalink protocol. Router inspects packets incoming from the 
external network to determine which should be forwarded". See The prior art 
made of record, Shanklin, U.S. Patent Number 6,578,147); sending at least the 
payload of the data packet to the first network application includes identifying the 
first network application address based at least in part on the service address 
(items 18 and 20 i.e. the first network application address based on the service 
address are inherently for sending packets to IDS); and sending at least the 
payload of the data packet to the second network application includes identifying 
the second network application address based at least in part on the service 
address (items 20 and 16 i.e. the second network application address based on 
the service address are inherently for sending packets to firewall). 
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1 1 . With respect to claim 8, Gleichauf further teaches the data packet includes 
a service port identifier (A service port identifier is inherent because port must be 
including in the data packet. See The prior art made of record, Matsumoto et al M 
U.S. Patent Application Publication Number 2003/0202464); sending at least the 
payload of the data packet to the first network application includes identifying the 
first network application address based at least in part on the service port 
identifier (items 18 and 20 i.e. router is capable of sending the data packet to IDS 
including port identifier); and sending at least the payload of the data packet to 
the second network application includes identifying the second network 
application address based at least in part on the service port identifier (items 18 
and 16 i.e. router is capable sending the data packet to firewall including port 
identifier). 

1 2. With respect to claim 1 8, Gleichauf further teaches the first network 
application is different from the second network application, the second network 
application is different from the third network application, and the first network 
application is different from the third network application (items 12, 16, 18, and 
20 of figure 2). 

1 3. With respect to claim 1 9, Gleichauf further teaches the first network 
application is a first version of a network application and the second network 
application is a second version of the network application (item 20 of figure 2 i.e. 
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IDS is a first version of a network application and item 16 of figure 2 i.e. firewall is 
a second network application). 

14. With respect to claim 20, Gleichauf further teaches the first version of the 
network application is from a first vendor, the second version of the network 
application is from a second vendor, and the first vendor is different from the 
second vendpr (item 20 of figure 2 i.e. IDS is a first version of a network 
application and item 16 of figure 2 i.e. firewall is a second network application. 
IDS and firewall are from different vendor). 

1 5. With respect to claim 21 , Gleichauf further teaches the first network 
application is selected from the group consisting of an intrusion detection 
application, a virus detection application, a firewall application, a web switch, a 
network security application, and a load balancing application; and the second 
network application is a different network application selected from the group 
consisting of an intrusion detection application, a virus detection application, a 
virtual private network application, a firewall application, a web switch, a network 
security application, a proxy application, a database application, and a load 
balancing application (figure 2 i.e. IDS is capable of an intrusion detection as first 
network application and firewall is capable of a firewall application as second 
network application). 
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16. With respect to claim 22, Gleichauf further teaches receiving a third 
network application response packet from the third network application (item 12 
of figure 2 i.e. workstation is capable of sending or responding); generating a 
service response packet as a data product, the service response packet based at 
least in part on the third network application response packet (item 18 of figure 2; 
and column 4, lines 50-67 i.e. router is capable of sending based on the 
workstation responding packet); and sending a service response packet to a 
source address of the data packet (item 18 of figure 2; and column 4, lines 50-67 
i.e. "router serves as a gateway between internal network and an external 
network which is inherent as sending a responding packet to a source address of 
the data packet). 

17. Taking claim 23 as an exemplary claim, Gleichauf teaches a method to 
manage delivery of a network service (figure 2), the method comprising: 

■ receiving a data packet having a service address and a payload (item 
18 of figure 2; and column 4, lines 50-67 i.e. router is capable of 
receiving packet among the internal or external network); 

■ identifying a plurality of network applications (item 18 of figure 2 i.e. 
router is coupled to the firewall, IDS, and workstation. Therefore, 
router is capable of identify each of network applications) based at 
least in part on the service address, the plurality of network 
applications including at least a first network application (item 20 i.e. 
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IDS), a second network application (item 16 i.e. firewall), and a third 
network application (item 12 i.e. workstation); 

■ distributing at least the payload of the data packet to the first network 
application and the second network application based at least in part 
on the service address (column 4, lines 35-49); 

■ sequentially processing the data packet through at least the second 
network application and the third network application based at least in 
part on the service address (item 18 of figure 2 i.e. router is capable of 
routing to firewall and workstation based on the network address which 
is inherent as sequentially processing the data packet); and 

■ sending a data packet service response based at least in part on the 
data packet sequential processing (item 16 of figure 2 i.e. firewall is 
capable of sending a response packet to the workstation). 

18. Claims 49, 53, 58, and 73 are also rejected for the same reason set forth 
in claim 23 above. 

Claim Rejections - 35 USC § 103 

19. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for 
all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described 
as set forth in section 102 of this title, if the differences between the subject matter sought to 
be patented and the prior art are such that the subject matter as a whole would have been 
obvious at the time the invention was made to a person having ordinary skill in the art to which 
said subject matter pertains. Patentability shall not be negatived by the manner in which the 
invention was made. 
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20. Claims 2, 6, 9-17, 24-27, 50-52, 54-57, 59-61, 74, and 79-80 are rejected 
under 35 U.S.C. 103(a) as being unpatentable over Gleichauf as applied to 
claims 1 , 23, 49, 58, and 73 above, and further in view of Network Tap, 
http://www.netoptics.com, pages 1-28 (hereinafter Network Tap). 

21 . With respect to claim 2, Gleichauf further teaches receiving a data packet 
includes receiving a data packet via a first network interface (item 30 of figure 2 
and item 1 8); sending at least the payload of the data packet to the first network 
application includes sending at least the payload of the data packet to the first 
network application via a second network interface (item 20 of figure 2 i.e. IDS 
receives packets from router); and sending at least the payload of the data 
packet to the second network application includes sending at least the payload of 
the data packet to the second network application (item 16 of figure 2 i.e. firewall 
is capable of receiving packets from router). 

However, Gleichauf fails to teach sending at least the payload of the data 
packet to the second network application includes sending at least the payload of 
the data packet to the second network application via the second network 
interface, the second network interface being different than the first network 
interface. 

In a method of delivering a network service, Network Tap discloses 
sending at least the payload of the data packet to both of the first and second 
network application via the second network interface, the second network 
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interface being different than the first network interface (pages 7-8 i.e. network 
tap is capable of regenerating signals or splitting the signals which "allows user 
to monitor the full duplex traffic between two Fast Ethernet devices"). 

Therefore, it would have been obvious to one of ordinary skill in the art at 
the time of the invention was made to modify Gleichauf in view of Network Tap 
by sending packet to both of the first and second network application via the 
second network interface because this feature may avoids bottleneck and other 
overhead processors. It is for this reason that one of ordinary skill in the art at 
the time of the invention would have been motivated to modify Gleichauf in view 
of Network Tap in order to reduces the cost and upgrade easily with an existing 
network devices without the delay of the packets. 

22. With respect to claim 6, Gleichauf further teaches sending at least the 
payload of the data packet to the first network application includes: identifying the 
first network application based at least in part on the service address of the data 
packet and the first network interface (items 18 and 20 of figure 2 i.e. router is 
capable of inspect packets incoming from the external network to determine 
which should be forwarded into the IDS or firewall); and sending at least the 
payload of the data packet to the first network application via a second network 
interface (item 16 of figure 2 i.e. firewall is capable of receiving an attack 
signature via different network interface than IDS). 
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23. With respect to claim 9, Gleichauf further teaches the first network 
application has a first network application address and the second network 
application has a second network application address (the first and second 
network addresses are inherent because the first network application is different 
from the second network application); sending at least the payload of the data 
packet to the first network application includes identifying the first network 
application address based at least in part on the service address and the first 
network interface (items 18 and 20 i.e. router is capable for sending the incoming 
packet); and sending at least the payload of the data packet to the second 
network application includes identifying the second network application address 
based at least in part on the service address and the first network interface 
(items 18 and 16 i.e. router is capable for sending the incoming packet). 



24. With respect to claim 10, Gleichauf further teaches the data packet 
includes a service port identifier (A service port identifier is inherent because port 
must be including in the data packet. See The prior art made of record, 
Matsumoto et al., U.S. Patent Application Publication Number 2003/0202464); 
sending at least the payload of the data packet to the first network application 
includes identifying the first network application address based at least in part on 
the service port identifier (items 18 and 20 i.e. router is capable of sending the 
data packet to IDS including port identifier); and sending at least the payload of 
the data packet to the second network application includes identifying the second 
network application address based at least in part on the service port identifier 
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(items 18 and 20 i.e. router is capable of sending the data packet to IDS 
including port identifier). 

25. With respect to claim 1 1 , Gleichauf further teaches the second network 
application response packet includes a second network application response 
source address (items 16 and 20 i.e. firewall is capable of sending packets to 
router); the third network application has a third network application address 
(item 10 i.e. the third network application address are inherent on each of the 
workstation); and sending a third network application packet to the third network 
application includes identifying the third network application address based at 
least in part on the second network application response source address (item 
10, 12, and 16 i.e. firewall is capable of sending packets to inside which is 
inherent as workstation receives packets based on the responding of the 
firewall). 

26. With respect to claim 12, Gleichauf further teaches the first network 
application address is different from the first network application response source 
address (column 7, line 64 through column 8 line 67; column 9, lines 45-50; and 
item 134 of figure 4 i.e. IDS is capable of disabling and sending an issue alarm 
about the attack based on the IP fragment reassembly. Therefore, the first 
network application address is different from the first network application 
response source address). 
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27. With respect to claim 13, Gleichauf further teaches the first network 
application address is the same as the first network application response source 
address (column 7, line 64 through column 8 line 67; column 9, lines 45-50; and 
item 134 of figure 4 i.e. IDS is capable of enabling and updating based on the 
types of packets that pass through the network). 

28. With respect to claim 14, Gleichauf further teaches receiving a second 
network application response packet from the second network application 
includes receiving the second network application response packet; and sending 
a third network application packet to the third network application includes 
sending the third network application packet to the third network application. 

However, Gleichauf fails to teach receiving a second network application 
response packet from the second network application includes receiving the 
second network application response packet from a third network interface, the 
third network interface being different from the second network interface and the 
first network interface; and sending a third network application packet to the third 
network application includes sending the third network application packet to the 
third network application via a fourth network interface, the fourth network 
interface being different from the third network interface, the second network 
interface, and the first network interface. 

In a method of delivering a network service, Network Tap discloses the 
first, second, third, and the fourth network interface, the network interfaces being 



Application/Control Number: 09/930,272 Page 
Art Unit: 2151 

different from each other (pages 11-15 i.e. network tap has fourth network 
interfaces: two for networking and the other two for analyzing). 

Therefore, it would have been obvious to one of ordinary skill in the art at 
the time of the invention was made to modify Gleichauf in view of Network Tap 
by sending and receiving packets via the first, second, third, and fourth network 
interfaces because this feature may avoids bottleneck and other overhead 
processors. It is for this reason that one of ordinary skill in the art at the time of 
the invention would have been motivated to modify Gleichauf in view of Network 
Tap in order to reduces the cost and upgrade easily with an existing network 
devices without the delay of the packets. 

29. With respect to claim 1 5, Gleichauf further teaches receiving a third 
network application response packet from the third network application; sending 
a second network application return packet to the second network application; 
receiving a second network application return response packet from the second 
network application; and sending a service response packet, the service 
response packet based at least in part on the second network application return 
response packet. 

However, Gleichauf fails to teach receiving a third network application 
response packet from the third network application via the fourth network 
interface; sending a second network application return packet to the second 
network application via the third network interface, the second network 
application return packet based at least in part on the third network application 
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response packet; receiving a second network application return response packet 
from the second network application via the second network interface; and 
sending a service response packet via the first network interface. 

In a method of delivering a network service, Network Tap discloses 
receiving a third network application response packet from the third network 
application via the fourth network interface; sending a second network application 
return packet to the second network application via the third network interface, 
the second network application return packet based at least in part on the third 
network application response packet; receiving a second network application 
return response packet from the second network application via the second 
network interface; and sending a service response packet via the first network 
interface (pages 11-15). 

Therefore, it would have been obvious to one of ordinary skill in the art at 
the time of the invention was made to modify Gleichauf in view of Network Tap 
by sending and receiving packets via the first, second, third, and fourth network 
interface because this feature may avoids bottleneck and other overhead 
processors. It is for this reason that one of ordinary skill in the art at the time of 
the invention would have been motivated to modify Gleichauf in view of Network 
Tap in order to reduces the cost and upgrade easily with an existing network 
devices without the delay of the packets. 

30. With respect to claim 16, Gleichauf fails to teach sending a first network 
application return packet to the first network application via the second network 
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interface, the first network application return packet based at least in part on the 
second network application return response packet. 

In a method of delivering a network service, Network Tap discloses 
sending a first network application return packet to the first network application 
via the second network interface, the first network application return packet 
based at least in part on the second network application return response packet 
(pages 11-13). 

Therefore, it would have been obvious to one of ordinary skill in the art at 
the time of the invention was made to modify Gleichauf in view of Network Tap 
by sending and receiving packets via the first and second network interface 
because this feature may avoids bottleneck and other overhead processors. It is 
for this reason that one of ordinary skill in the art at the time of the invention 
would have been motivated to modify Gleichauf in view of Network Tap in order 
to reduces the cost and upgrade easily with an existing network devices without 
the delay of the packets. 

31 . With respect to claim 1 7, Gleichauf further teaches sending at least the 
payload of the data packet to the first network application; sending at least the 
payload of the data packet to the second network application; and sending the 
third network application packet to the third network application. 

However, Gleichauf fails to teach sending at least the payload of the data 
packet to the first network application is based at least in part on a stateless 
identification of the first network application; sending at least the payload of the 
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data packet to the second network application is based at least in part on a 
stateless identification of the second network application; and sending the third 
network application packet to the third network application is based at least in 
part on a stateless identification of the third network application. 

In a method of delivering a network service, Network Tap discloses 
sending at least the payload of the data packet to the first network application is 
based at least in part on a stateless identification of the first network application; 
sending at least the payload of the data packet to the second network application 
is based at least in part on a stateless identification of the second network 
application; and sending the third network application packet to the third network 
application is based at least in part on a stateless identification of the third 
network application (pages 11-15 i.e. a stateless identification of the first, second, 
and third network applications are inherent as tap splitter). 

Therefore, it would have been obvious to one of ordinary skill in the art at 
the time of the invention was made to modify Gleichauf in view of Network Tap 
by sending and receiving packets based on at least in part of a stateless 
identification of the first, second, and third network application because this 
feature may avoids interruption of network traffic with or without lost of the power. 
It is for this reason that one of ordinary skill in the art at the time of the invention 
would have been motivated to modify Gleichauf in view of Network Tap in order 
to allow a network manager to connect and disconnect the Analyzer at any time 
without disrupting the traffic on the network. 
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32. Taking claim 24 as an exemplary claim, Gleichauf further teaches 
sequentially processing the data packet through at least the second network 
application and the third network application. 

However, Gleichauf fails to teach sequentially processing the data packet 
through at least the second network application and the third network application 
consists essentially of statelessly sequentially processing the data packet 
through at least the second network application and the third network application. 

In a method of delivering a network service, Network Tap discloses 
sequentially processing the data packet through at least the second network 
application and the third network application consists essentially of statelessly 
sequentially processing the data packet through at least the second network 
application and the third network application (pages 11-15 i.e. "statelessly 
sequentially processing" is inherent because tap is capable of sending to the 
second and third network application without encapsulating or checking the 
network address). 

Therefore, it would have been obvious to one of ordinary skill in the art at 
the time of the invention was made to modify Gleichauf in view of Network Tap 
by sending packets based on at least in part of a statelessly sequentially 
processing the data packet through second and third network application 
because this feature may avoids bottleneck. It is for this reason that one of 
ordinary skill in the art at the time of the invention would have been motivated to 
modify Gleichauf in view of Network Tap in order to allow a network manager to 



Application/Control Number: 09/930,272 Page 21 

Art Unit: 2151 

connect and disconnect the Analyzer at any time without disrupting the traffic on 
the network. 

33. Claims 50, 54, and 59 are also rejected for the same reason set forth in 
claim 24 above. 

34. Taking claim 25 as an exemplary claim, Gleichauf further teaches 
receiving a data packet having a service address and a payload includes 
receiving the data packet; distributing at least the payload of the data packet to 
the first network application and the second network application includes 
distributing at least the payload of the data packet to the first network application 
and the second network application; sequentially processing the data packet 
through at least the second network application and the third network application 
includes sequentially processing the data packet through at least the second 
network application and the third network application; and sending a data packet 
service response includes sending the data packet service response. 

However, Gleichauf fails to teach receiving a data packet having a service 
address and a payload includes receiving the data packet via a first network 
interface; distributing at least the payload of the data packet to the first network 
application and the second network application includes distributing at least the 
payload of the data packet to the first network application and the second 
network application via a second network interface, the second network interface 
being different from the first network interface; sequentially processing the data 
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packet through at least the second network application and the third network 
application includes sequentially processing the data packet through at least the 
second network application and the third network application via the second 
network interface and one or more additional network interfaces, the one or more 
additional network interfaces being different from the first network interface and 
the second network interface; and sending a data packet service response 
includes sending the data packet service response via the first network interface. 

In a method of delivering a network service, Network Tap discloses the 
first, second, third, and the one or more additional network interfaces, the 
network interfaces being different from each other (pages 16-20 i.e. network tap 
has at least four network interfaces: at least two for networking and another two 
for analyzing). 

Therefore, it would have been obvious to one of ordinary skill in the art at 
the time of the invention was made to modify Gleichauf in view of Network Tap 
by sending and receiving packets via at least four network interfaces because 
this feature may avoids bottleneck and other overhead processors. It is for this 
reason that one of ordinary skill in the art at the time of the invention would have 
been motivated to modify Gleichauf in view of Network Tap in order to reduces 
the cost and upgrade easily with an existing network devices without the delay of 
the packets. 

35. Claims 51 , 55, and 60 are also rejected for the same reason set forth in 
claim 25 above. 
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36. Taking claim 26 as an exemplary claim, Gleichauf further teaches 
receiving a data packet includes receiving a data packet including a service port 
identifier (A service port identifier is inherent because port must be including in 
the data packet. See The prior art made of record, Matsumoto et al., U.S. Patent 
Application Publication Number 2003/0202464); distributing at least the payload 
of the data packet to the first network application and the second network 
application based at least in part on the service address includes distributing at 
least the payload of the data packet to the first network application and the 
second network application based at least in part on the service address and the 
service port identifier (column 4, lines 35-49); and sequentially processing the 
data packet through at least the second network application and the third network 
application based at least in part on the service address includes sequentially 
processing the data packet through at least the second network application and 
the third network application based at least in part on the service address and the 
service port identifier (item 18 of figure 2 i.e. router is capable of routing to 
firewall and workstation based on the network address which is inherent as 
sequentially processing the data packet). 

37. Claims 52, 56, 61 , and 74 are also rejected for the same reason set forth 
in claim 26 above. 

38. Taking claim 27 as an exemplary claim, Gleichauf further teaches sending 
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a data packet service response based at least in part on the data packet 
sequential processing includes generating the data packet service response as a 
data product based at least in part on the data packet sequential processing 
(figure 2; column 7, line 64 through column 8 line 67; column 9, lines 45-50; and 
item 134 of figure 4 i.e. IDS is capable of enabling and updating based on the 
types of packets that pass through the network). 

39. Claim 57 is also rejected for the same reason set forth in claim 27 above. 

40. With respect to claim 79, Gleichauf further teaches the first packeting 
engine includes means for tracking packet progress (column 1, lines 34- 45; and 
item 20 of figure 2). 

41 . With respect to claim 80, Gleichauf further teaches the first network 
application (item 20 of figure 2 i.e. IDS) and the second network application (item 
16 of figure 2) are different vendor implementations of a network application. 

42. Claims 28-47 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Gleichauf et al., U.S. Patent Number 6,499,107 (hereinafter Gleichauf), in 
view of Network Tap, http://www.netoptics.com, page 1-28 (hereinafter Network 
Tap). 
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43. With respect to claim 28, Gleichauf teaches a system to manage delivery 

of a network service (figure 2), the system comprising: 

■ receiving a data packet, the data packet including a service address 
(item 18 of figure 2; and column 4, lines 50-67 i.e. router is capable of 
receiving packet among the internal or external network); 

■ packet processing logic to store packet processing information, 
the packet processing information including a service address 
field to store the service address, the service address 
associated with a plurality of network applications (item 18 of 
figure 2 i.e. router is coupled to the firewall, IDS, and 
workstation. Therefore, router is capable of identify each of 
network applications), the plurality of network applications 
including a first network application (item 20 of figure 2), a 
second network application (item 16 of figure 2), and a third 
network application (items 12 of figure 2); 

■ packet distribution information including one or more packet 
distribution entries, a packet distribution entry including a source 
address field to store a source address and a destination 
address field to store a destination address (column 4, lines 35- 
49); and 

■ packet sequential processing information including one or more 
packet sequencing entries, a packet sequencing entry including 
a source address field to store a source address and a 
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destination address field to store a destination address ((item 18 
of figure 2 i.e. router is capable of routing to firewall and 
workstation based on the network address which is inherent as 
sequentially processing the data packet); 

■ transmitting at least the payload of the data packet to the first network 
application and the second network application, the second network 
application being different from the first network application (items 18, 
20, and 16 i.e. router is capable of routing packets to IDS and firewall); 

■ receiving a second network application response packet (item 16 and 
18 of figure 2 i.e. firewall is capable of sending packet back to firewall); 
and 

■ sending a third network application packet to the third network 
application, the third network application packet based at least in part 
on the second network application response packet, the third network 
application being different from the first network application (items 18, 
16, and 12 i.e. router is capable of sending packets to workstation via 
firewall, ."response packet" is not claimed as "looping back". This may 
be interpreted as workstation receiving packet from firewall). 

In a system to manage delivery of a network service, Network Tap 
discloses the first, second, third, and the fourth network interface, the network 
interfaces being different from each other (pages 11-15 i.e. network tap has 
fourth network interfaces: two for networking and the other two for analyzing). 
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Therefore, it would have been obvious to one of ordinary skill in the art at 
the time of the invention was made to modify Gleichauf in view of Network Tap 
by sending and receiving packets via the first, second, third, and fourth network 
interfaces because this feature may avoids bottleneck and other overhead 
processors. It is for this reason that one of ordinary skill in the art at the time of 
the invention would have been motivated to modify Gleichauf in view of Network 
Tap in order to reduces the cost and upgrade easily with an existing network 
devices without the delay of the packets. 

44. With respect to claim 29, Gleichauf further teaches a packet distribution 
entry of the one or more packet distribution entries includes a received interface 
field to store a received interface identifier, and a send interface field to store a 
send interface identifier (column 4, lines 35-49 i.e. router is capable of 
encapsulating and decapsulating between layer 2 and layer 3 for routing purpose 
which is inherent as storing a received interface identifier); and a packet 
sequencing entry of the one or more packet sequencing entries includes a 
received interface field to store a received interface identifier; and a send 
interface field to store a send interface identifier (item 18 of figure 2 i.e. router is 
capable of routing to firewall and workstation based on the network address 
which is inherent as sequentially processing the data packet). 

45. With respect to claim 30, Gleichauf further teaches the data packet 
includes a first service port identifier (A service port identifier is inherent because 
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port must be including in the data packet. See The prior art made of record, 
Matsumoto et al., U.S. Patent Application Publication Number 2003/0202464); a 
packet distribution entry of the one or more packet distribution entries includes a 
service port field to store a service port identifier (column 4, lines 35-49); and a 
packet sequencing entry of the one or more packet sequencing entries includes a 
service port field to store a service port identifier (item 18 of figure 2 i.e. router is 
capable of routing to firewall and workstation based on the network address 
which is inherent as sequentially processing the data packet). 

46. With respect to claim 31 , Gleichauf further teaches the data packet 
includes a first service port identifier (A service port identifier is inherent because 
port must be including in the data packet. See The prior art made of record, 
Matsumoto et al., U.S. Patent Application Publication Number 2003/0202464); a 
packet distribution entry of the one or more packet distribution entries includes a 
received interface field to store a received interface identifier, a service port field 
to store a service port identifier, a send interface field to store a send interface 
identifier, and a send address field to store a send address (column 4, lines 35- 
49); and a packet sequencing entry of the one or more packet sequencing entries 
includes a received interface field to store a received interface identifier, a 
service port field to store a service port identifier, a send interface field to store a 
send interface identifier, and a send address field to store a send address (item 
18 of figure 2 i.e. router is capable of routing to firewall and workstation based on 
the network address which is inherent as sequentially processing the data 
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packet). 
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47. With respect to claim 32, Gleichauf further teaches the send address is a 
network address of a network application system of the plurality of network 
application systems (items 12, 16, 18, and 20 of figure 2 i.e. workstations, IDS, 
router, and firewall). 

48. With respect to claim 33, Gleichauf further teaches the send address is a 
media access controller address of a network application system of the plurality 
of network application systems (items 12, 16, 18, and 20 of figure 2 i.e. 
workstations, IDS, router, and firewall. Router routes network packets among the 
internal and external network based on the MAC address). 

49. With respect to claim 34, Gleichauf further teaches each packet 
distribution entry of the plurality of packet distribution entries includes a 
destination system type field to store a destination system type identifier (item 18 
of figure 2 i.e. router has a routing table which is inherent as storing a destination 
system identifier). 

50. With respect to claim 35, Gleichauf further teaches the first network 
application system is a first implementation of one network application system 
(item 20 of figure 2) and the second network application system is a second 
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implementation of the one network application system (item 16 of figure 2). 

51 . With respect to claim 36, Gleichauf further teaches a plurality of network 
application systems (figure 2 i.e. router, firewall, IDS, and workstation). 

However, Gleichauf fails to teach a plurality of network application 
systems, one or more of the plurality of network application systems coupled to 
one or more of the second network interface, the third network interface, and the 
fourth network interface- 
In a system to manage delivery of a network service, Network Tap 
discloses one or more of the plurality of network application systems coupled to 
one or more of the second network interface, the third network interface, and the 
fourth network interface (pages 11-15). 

Therefore, it would have been obvious to one of ordinary skill in the art at 
the time of the invention was made to modify Gleichauf in view of Network Tap 
by sending and receiving packets via the first, second, third, and fourth network 
interfaces because this feature may avoids bottleneck and other overhead 
processors. It is for this reason that one of ordinary skill in the art at the time of 
the invention would have been motivated to modify Gleichauf in view of Network 
Tap in order to reduces the cost and upgrade easily with an existing network 
devices without the delay of the packets. 

52. With respect to claim 37, Gleichauf further teaches the plurality of network 
application systems include one or more of an intrusion detection application, a 
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virus detection application, a virtual private network application, a firewall 
application, a web switch, a network security application, a proxy application, a 
database application, and a load balancing application (figures 2-3). 

53. With respect to claim 38, Gleichauf further teaches the first network 
application system is selected from the group consisting of an intrusion detection 
application, a virus detection application, a firewall application, a web switch, a 
network security application, and a load balancing application; and the second 
network application system is a different network application selected from the 
group consisting of an intrusion detection application, a virus detection 
application, a virtual private network application, a firewall application, a web 
switch, a network security application, a proxy application, a database 
application, and a load balancing application (figures 2-3). 

54. With respect to claim 39, Gleichauf further teaches the data packet uses 
one or more protocols of one of a TCP/IP network protocol suite and a UDP/IP 
network protocol suite (column 6, lines 31-42). 

55. With respect to claim 40, Gleichauf further teaches the one or more 
protocols includes an IPv4 network protocol (column 6, lines 31-42 i.e. IPv4 is 
inherent because IPv4 is a standard of Internet which is widely used now a day). 
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56. With respect to claim 41 , Gleichauf is silent on the one or more protocols 
includes an IPv6 network protocol. However, IPv6 is well known in the art (see 
the prior art make up record by Xiong et al., U.S. Patent Number 6,721 ,315) 

57. With respect to claim 42, Gleichauf further teaches the data packet uses 
one or more of a layer 2 protocol, a layer 3 protocol, and a layer 4 protocol 
(column 6, lines 31-42; item 18 of figure 2 i.e. router is capable of encapsulating 
and decapsulating the datalink as layer 2 and network layer as layer 3. A layer 4 
protocol is inherent because UDP is a layer 4 protocol). 

58. With respect to claim 43, Gleichauf is silent on the layer 2 protocol is 
selected from the group consisting of ATM and frame relay. However, the layer 2 
protocol, selecting from the group consisting of ATM and frame relay, is well 
known in the art (see prior made up record by Xiong et al., U.S. Patent Number 
6,721,315). 

59. With respect to claim 44, Gleichauf is silent on the layer 3 protocol is 
MPLS. However, the layer 3 protocol, MPLS, is well known in the art (see prior 
art made up record by Xiong et al., U.S. Patent Number 6,721 ,31 5). 

60. Taking claim 45 as an exemplary claim, Gleichauf fails to teach the packet 
processing information lacks information that supports stateful processing. 
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In a system to manage delivery of a network service, Network Tap 
discloses the packet processing information lacks information that supports 
stateful processing (pages 11-15 i.e. tap is capable of sending or receiving 
packets without processing the packets). 

Therefore, it would have been obvious to one of ordinary skill in the art at 
the time of the invention was made to modify Gleichauf in view of Network Tap 
by processing information lacks information that supports stateful processing 
because this feature increases performance, high integration, and high reliability. 
It is for this reason that one of ordinary skill in the art at the time of the invention 
would have been motivated to modify Gleichauf in view of Network Tap in order 
to allow to monitor the network traffic flowing in both directions without 
interrupting the network traffic, even the power is lost. 

61 . With respect to claim 46, Gleichauf further teaches the packet processing 
information includes information that supports stateful processing (item 18 of 
figure 2 i.e. router is capable of inspecting packets incoming from the external 
network and determining which should be forwarded into the internal network. 
Therefore, the packet processing information is inherent as supporting stateful 
processing). 

62. Claim 47 is also rejected for the same reason set forth in claim 45 above. 
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63. Claim 48 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
both Gleichauf et al M U.S. Patent Number 6,499,107 (hereinafter Gleichauf) and 
Network Tap, http://www.netoptics.com, page 1-28 (hereinafter Network Tap), as 
applied in claim 28 above, and further in view of Barnier, U.S. Patent Number 
6,453,348. 

64. With respect to claim 48, Gleichauf fails to teach a first access control list 
associated with a first customer, the data packet received from the first customer; 
and a second access control list associated with a second customer, the first 
access control list and the second access control list to manage network access 
to a shared firewall application. 

In a system to manage delivery of a network service, Barnier discloses a 
first access control list associated with a first customer, the data packet received 
from the first customer; and a second access control list associated with a 
second customer, the first access control list and the second access control list 
to manage network access to a shared firewall application (figure 3 i.e. VPN). 

Therefore, it would have been obvious to one of ordinary skill in the art at 
the time of the invention was made to modify both Gleichauf and Network Tap, 
and further in view of Bariner by sharing firewall application with the first access 
control list and the second access control list because this feature increases 
security among of customers. It is for this reason that one of ordinary skill in the 
art at the time of the invention would have been motivated to modify both 
Gleichauf and Network Tap, and further in view of Bariner in order to share the 
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same network among of customers with granting access to their own data and 
applications. 

65. Claim 4 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Gleichauf as applied to claim 1 above, and further in view of Nickle, U.S. Patent 
Number 6,134,591. 

66. With respect to claim 4, Gleichauf fails to teach receiving a first network 
application response from the first network application; identifying the second 
network application based at least in part on the first network application 
response; and sending at least a portion of the first network application response 
to the second network application. 

In a method of delivering a network service, Nickles discloses receiving a 
first network application response from the first network application; identifying 
the second network application based at least in part on the first network 
application response; and sending at least a portion of the first network 
application response to the second network application (figures 6 and 8 and 
abstract). 

Therefore, it would have been obvious to one of ordinary skill in the art at 
the time of the invention was made to modify Gleichauf in view of Nickles by 
looping or redirecting to the second network application based on the responding 
of the first network application because this feature may increases the availability 
or sufficiency of the network. It is for this reason that one of ordinary skill in the 
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art at the time of the invention would have been motivated to modify Gleichauf in 
view of Nickles in order to protect the network securely without overloading the 
second network application processor. 

67. Claim 5 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
both Gleichauf and Network Tap as applied to claims 2 above, and further in view 
of Nickle, U.S. Patent Number 6,134,591. 

68. With respect to claim 5, both Gleichauf and Network Tap teach receiving a 
first network application response from the first network application (item 20 of 
figure 2; column 5, lines 15-30); identifying the second network application (item 
16 of figure 2). 

However, both Gleichauf and Network Tap fail to teach identifying the 
second network application based at least in part on the first network application 
response and the second network interface; and sending at least a portion of the 
first network application response to the second network application. 

In a method of delivering a network service, Nickles discloses identifying 
the second network application based at least in part on the first network 
application response and the second network interface; and sending at least a 
portion of the first network application response to the second network 
application (figures 6 and 8 and abstract). 

Therefore, it would have been obvious to one of ordinary skill in the art at 
the time of the invention was made to modify both Gleichauf and Network Tap, 
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and further in view of Nickles by looping or redirecting to the second network 
application based on the responding of the first network application because this 
feature may increases the availability or sufficiency of the network. It is for this 
reason that one of ordinary skill in the art at the time of the invention would have 
been motivated to modify both Gleichauf and Network Tap, and further in view of 
Nickles in order to protect the network securely without overloading the second 
network application processor. 

69. Claims 62-66 and 71-72 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Gleichauf et al., U.S. Patent Number 6,499,107 (hereinafter 
Gleichauf). 

70. Taking claim 62 as an exemplary claim, Gleichauf teaches a method of 
delivering data to a plurality of network applications (figure 2), the method 
comprising: 

■ receiving a first data packet, the first data packet including a first 
service address and a first data packet payload (item 18 of 2; and 
column 4, lines 50-67 i.e. router is capable of receiving packet among 
the internal and external network); 

■ identifying a first plurality of network applications associated with the 
first service address, the first plurality of network applications 
associated with the first service address including a first network 
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application (item 20 of figure 2), a second network application (item 16 
of figure 2), and a third network application (item 12 of figure 2); 

■ sending at least the first data packet payload to the first network 
application (figure 2; column 4, lines 60-67; and column 5, lines 48-57); 

■ sending at least the first data packet payload to the second network 
application (item 18 and 16 of figure 2 i.e. router is capable of sending 
packet to firewall); 

■ receiving a second network application response packet from the 
second network application (figure 2 i.e. router is capable of receiving 
an outgoing package form firewall); 

■ sending a third network application packet to the third network 
application, the third network application packet based at least in part 
on the second network application response packet (column 5, lines 
48-57; and item 18 of figure 2 i.e. router is capable of sending 
packages to workstation through firewall). 

■ receiving a second data packet, the second data packet including a 
second service address and a second data packet payload (item 18 of 
figure 2 i.e. router is capable of receiving another packet from the 
external network); 

However, Gleichauf fails to teach identifying a second plurality of network 
applications associated with the second service address, the second plurality of 
network applications associated with the second service address including a 
fourth network application (item 20 of figure 2 i.e. IDS has the same functional of 
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the first application), a fifth network application (item 16 of figure 2 i.e. firewall 
has the same functional of the second application), and a sixth network 

application (item 12 of figures 2 i.e. workstations); sending at least the second 
data packet payload to the fourth network application (item 18 is also capable 
sending the second packet to the second IDS which is identical of first 
application); sending at least the second data packet payload to the fifth network 
application; receiving a fifth network application response packet from the fifth 
network application; and sending a sixth network application packet to the sixth 
network application, the sixth network application packet based at least in part on 
the fifth network application response packet. 

It would have been obvious to one of ordinary skill in the art at the time of 
the invention was made to add a fourth, fifth, and sixth network applications 
without delineating any further process limitations of the first, second, and the 
third network applications because this feature may decreases the cost and 
increases the security among the clients by sharing the same network, i.e. VPN 
or may avoids the down time of the network system. It is for this reason that one 
of ordinary skill in the art at the time of the invention would have been motivated 
to add a fourth, fifth, and sixth network applications without delineating any 
further process limitations of the first, second, and the third network applications 
in order to increase the security and increase the up time as the redundant 
network without purchasing or building an additional system. 
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71 . With respect to claim 63, Gleichauf further teaches receiving a first data 
packet includes receiving the first data packet at an Internet service provider; and 
receiving a second data packet includes receiving the second data packet at an 
Internet service provider (column 4, lines 50-67 i.e. "router serves as a gateway 
between internal network and an external network". Therefore, "first and second 
data packet at an ISP" is inherent as packet's flowing from the external network). 

72. With respect to claim 64, Gleichauf further teaches at least one network 
application of the first plurality of network applications and the second plurality of 
network applications includes a passive real-time intrusion detection application 
(figure 2 i.e. item 20 is an IDS). 

73. With respect to claim 65, Gleichauf further teaches at least one network 
application of the first plurality of network applications includes a remote network 
application (item 20 of figure 2 i.e. IDS). 

74. With respect to claim 66, Gleichauf further teaches the remote network 
application is an Internet network application (figure 3 i.e. http or ftp). 

75. With respect to claim 71 , Gleichauf fails to teach determining an addition 
of a redundant network application, the redundant network application being the 
same as one or more network applications of the first plurality of network 
applications. However, determining an addition of a redundant network 
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application is well known in the art (see the prior art made up record, by Dr. 
Vincent C. Jone, www.networkingunlimited.com/white001.html) 

76. With respect to claim 72, Gleichauf fails to teach detecting a failed network 
application of the first plurality of network applications; and directing a third data 
packet to the redundant network application based at least in part on detecting 
the failed network application. However, detecting a failed over and directing to 
another network application is inherent as the redundant nework (see the prior 
art made up record, by Dr. Vincent C. Jone, 

www. netwo rki ng u n I i m ited . com/wh iteO0 1 . html ) . 

77. Claims 67-70 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over both Gleichauf et ai., U.S. Patent Number 6,499,107 (hereinafter Gleichauf) 
as applied in claim 62 above, and further in view of Barnier, U.S. Patent Number 
6,453,348. 

78. With respect to claim 67, Gleichauf fails to teach the first data packet is 
received from a first customer; and the second data packet is received from a 
second customer, the first customer being different from the second customer. 

In a system to manage delivery of a network service, Barnier discloses the 
first data packet is received from a first customer; and the second data packet is 
received from a second customer, the first customer being different from the 
second customer (figure 3). 
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Therefore, it would have been obvious to one of ordinary skill in the art at 
the time of the invention was made to modify Gleichauf in view of Bariner by 
receiving the first data packet from a first customer and the second data packet 
from the second customer, the first customer being different from the second 
customer because this feature increases security among of customers by sharing 
the same network. It is for this reason that one of ordinary skill in the art at the 
time of the invention would have been motivated to modify Gleichauf in view of 
Bariner in order to share the same network among of customers with granting 
access to their own data and applications. 

79. With respect to claim 68, Gleichauf further teaches the first network 
application and the fourth network application are the same network application 
(item 20 of figure 2 i.e. IDS). 

80. With respect to claim 69, Gleichauf is silent on the second network 
application and the fifth network application are the same network application. 
However, the second network application is interpreted as the same as the fifth 
network application because the second and fifth network applications have the 
same functional and structure. 

81 . With respect to claim 70, Gleichauf fails to teach receiving a first service 
management instruction from the first customer; modifying a first service data 
record corresponding to the first service address based at least in part on the first 
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service management instruction; receiving a second service management 
instruction from the second customer; and modifying a second service data 
record corresponding to the second service address based at least in part on the 
second service management instruction. 

In a system to manage delivery of a network service, Barnier discloses 
receiving a first service management instruction from the first customer; 
modifying a first service data record corresponding to the first service address 
based at least in part on the first service management instruction; receiving a 
second service management instruction from the second customer; and 
modifying a second service data record corresponding to the second service 
address based at least in part on the second service management instruction 
(figures 3-4 and column 5, lines 25-44). 

Therefore, it would have been obvious to one of ordinary skill in the art at 
the time of the invention was made to modify Gleichauf in view of Bariner by 
receiving and modifying data based on first and second customer because this 
feature increases security among of customers by sharing the same network. It 
is for this reason that one of ordinary skill in the art at the time of the invention 
would have been motivated to modify Gleichauf in view of Bariner in order to 
share the same network among of customers with granting access to their own 
data and applications. 
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82. Claims 75-78 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over both Gleichauf and Network Tap as applied to claim 74 above, and further in 
view of Boden et al., U.S. Patent Number 6,615,357 (hereinafter Boden). 

83. With respect to claim 75, both Gleichauf and Network Tap fail to teach the 
first packeting engine includes means for service port translation. 

In a system to manage delivery of a network service, Boden discloses the 
first packeting engine includes means for service port translation (figure 4-7; 
column 6, lines 32-58). 

Therefore, it would have been obvious to one of ordinary skill in the art at 
the time of the invention was made to modify both Gleichauf and Network Tap, 
and further in view of Boden by adding service port translation to the first 
packeting engine because this feature decreases network address or port 
conflicts. It is for this reason that one of ordinary skill in the art at the time of the 
invention would have been motivated to modify both Gleichauf and Network Tap, 
and further in view of Boden in order to provide a solution to address or port 
collision problems cased by VPNs. 

84. Claim 76 is also rejected for the same reason set forth in claim 75 above. 

85. With respect to claim 77, both Gleichauf and Network Tap fail to teach one 
or more of the first network application, the second network application, and the 
third network application include means for application service port negotiation. 
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In a system to manage delivery of a network service, Boden discloses one 
or more of the first network application, the second network application, and the 
third network application include means for application service port negotiation 
(figures 4-7; and column 3, lines 45-56). 

Therefore, it would have been obvious to one of ordinary skill in the art at 
the time of the invention was made to modify both Gleichauf and Network Tap, 
and further in view of Boden by adding application service port negotiation 
because this feature decreases network address or port conflicts. It is for this 
reason that one of ordinary skill in the art at the time of the invention would have 
been motivated to modify both Gleichauf and Network Tap, and further in view of 
Boden in order to provide a solution to address or port collision problems cased 
by VPNs. 

86. Claim 78 is also rejected for the same reason set forth in claim 77 above. 

87. Claims 81-82 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Gleichauf as applied to claim 73 above, and further in view of Shanklin et 
al., U.S. Patent Number 6,578,147 (hereinafter Shanklin). 

88. Taking claim 81 as an exemplary claim, Gleichauf fails to teach the first 
packeting engine performs TCP stateless load balancing of a plurality of service 
addresses to multiple applications. 
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In a system to manage delivery of a network service, Shanklin discloses 
the first packeting engine performs TCP stateless load balancing of a plurality of 
service addresses to multiple applications (figures 2-4; column 5 lines 21-55; and 
column 6, lines 29-55). 

Therefore, it would have been obvious to one of ordinary skill in the art at 
the time of the invention was made to modify Gleichauf in view of Shanklin by 
performing TCP stateless load balacing of the first and second engine because 
this feature avoids bottleneck. It is for this reason that one of ordinary skill in the 
art at the time of the invention would have been motivated in order to provide a 
processor-based intrusion detection system that can keep up with the high traffic. 

89. Claim 82 is also rejected for the same reason set forth in claim 81 above. 

90. Claims 83-85, and 88 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Gleichauf as applied to claim 73 above, and further in view of 
Genty et al., U.S. Patent Number 6,738,910 (hereinafter Genty). 

91 . With respect to claim 83, Gleichauf fails to teach a second packeting 
engine, the second packeting engine coupled to the first packeting engine, the 
second packeting engine including a second means for receiving the data packet 
having the service address and the payload, a second means for identifying the 
plurality of network applications based at least in part on the service address, the 
plurality of network applications including at least the first network application, the 
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second network application, and the third network application, a second means 
for distributing at least the payload of the data packet to the first network 
application and the second network application based at least in part on the 
service address, a second means for sequentially processing the data packet 
through at least the second network application and the third network application 
based at least in part on the service address, and a second means for sending 
the data packet service response based at least in part on the data packet 
sequential processing. 

However, Gleichauf teaches the first packeting engine (figure 2). 

In a system to manage delivery of a network service, Glenty discloses the 
second packeting engine (item 720 of figue 7) without delineating any further 
process limitation of the first packeting engine (item 718 of figure 7). 

Therefore, it would have been obvious to one of ordinary skill in the art at 
the time of the invention was made to modify Gleichauf in view of Glenty by 
adding second packeting engine without delineating any further process 
limitations of the first packeting engine because this feature avoids the down time 
of the network system. It is for this reason that one of ordinary skill in the art at 
the time of the invention would have been motivated to modify Gleichauf in view 
of Glenty in order to increase the up time as the redundant network without 
purchasing or building an additional system. 

92. With respect to claim 84, Gleichauf fails to teach the first packeting engine 
and the second packeting engine are stateless, redundant packeting engines. 
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In a system to manage delivery of a network service, Genty discloses the 
first packeting engine and the second packeting engine are stateless, redundant 
packeting engines (figure 7; and column 6, lines 43-64). 

Therefore, it would have been obvious to one of ordinary skill in the art at 
the time of the invention was made to modify Gleichauf in view of Glenty by 
specifying the first and second packeting engine as stateless or redundant 
packeting engines because this feature avoids the down time of the network 
system. It is for this reason that one of ordinary skill in the art at the time of the 
invention would have been motivated to modify Gleichauf in view of Glenty in 
order to increase the up time as the redundant network without purchasing or 
building an additional system. 

93. With respect to claim 85, Gleichauf fails to teach means for load sharing 
between the first packeting engine and the second packeting engine. 

In a system to manage delivery of a network service, Genty discloses 
means for load sharing between the first packeting engine and the second 
packeting engine (column 2, lines 2-35). 

Therefore, it would have been obvious to one of ordinary skill in the art at 
the time of the invention was made to modify Gleichauf in view of Glenty by 
sharing between the first and second packeting engines because this feature 
avoids the down time of the network system. It is for this reason that one of 
ordinary skill in the art at the time of the invention would have been motivated to 
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modify Gleichauf in view of Glenty in order to increase the up time as the 
redundant network without purchasing or building an additional system. 

94. With respect to claim 88, Gleichauf fails to teach the first packeting engine 
and the second packeting engines are part of a network service provider system. 

In a system to manage delivery of network service, Genty discloses the 
first packeting engine and the second packeting engine are part of a network 
service provider system (figure 7). 

Therefore, it would have been obvious to one of ordinary skill in the art at 
the time of the invention was made to modify Gleichauf in view of Glenty by 
specifying the first and second packeting engines as part of a network service 
provider system because this feature avoids the down time of the network 
system. It is for this reason that one of ordinary skill in the art at the time of the 
invention would have been motivated to modify Gleichauf in view of Glenty in 
order to increase the up time as the redundant network without purchasing or 
building an additional system. 

95. Claims 86 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
both Gleichauf and Genty as applied to claim 83 above, and further in view of 
Network Tap, http://www.netoptics.com, page 1-28 (hereinafter Network Tap). 
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96. With respect to claim 86, both Gleichauf and Genty fail to teach the first 
packeting engine is to handle inbound traffic and the second packeting engine is 
to handle outbound traffic. 

In a system to manage delivery of a network service, Network Tap 
discloses the first packeting engine is to handle inbound traffic and the second 
packeting engine is to handle outbound traffic (pages 11-14). 

Therefore, it would have been obvious to one of ordinary skill in the art at 
the time of the invention was made to modify both Gleichauf and Genty, and 
further in view of Network Tap by handling the inbound traffic as the first 
packeting engine and handling the outbound traffic as the second packeting 
engine because this feature increases the performance and allows full-duplex 
monitoring of network traffic without interrupting data traffic. It is for this reason 
that one of ordinary skill in the art at the time of the invention would have been 
motivated to modify both Gleichauf and Genty, and further in view of Network 
Tap in order to allow users to monitor the full-duplex traffic between two Fast 
Ethernet devices. 

97. Claims 87 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
both Gleichauf and Genty as applied to claim 83 above, and further in view of 
Shanklin et al., U.S. Patent Number 6,578,147 (hereinafter Shanklin). 
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98. With respect to claim 87, both Gleichauf and Genty fail to teach the first 
packeting engine and the second packeting engine perform TCP stateless load 
balancing for the service address. 

However, Genty teaches the first packeting engine and the second 
packeting engine perform TCP for the service address. 

In a system to manage delivery of network service, Shanklin discloses the 
packeting engine perform TCP stateless load balancing for the service address 
(figures 2-5 and see abstract). 

Therefore, it would have been obvious to one of ordinary skill in the art at 
the time of the invention was made to modify both Gleichauf and Genty, and 
further in view of Shanklin by performing TCP stateless load balacing of the first 
and second engine because this feature avoids bottleneck. It is for this reason 
that one of ordinary skill in the art at the time of the invention would have been 
motivated in order to provide a processor-based intrusion detection system that 
can keep up with the high traffic. 

Conclusion 

99. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

a. " Method and apparatus for network caching and load balancing ," by 
Squire etal., U.S. Patent Application Publication Number 2002/0049840. 

b. " Load balancing ," by Zisapel et al., U.S. Patent Number 6,665,702. 
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c. " Mechanism for delivering a message based upon a source 
address ," by Kalajan, U.S. Patent Number 6,304,908. 

d. " Extranet architecture /' by Barnier et al., U.S. Patent Number 
6,453,348. 

e. " Network security and integration method and system ," by Nickles, 
U.S. Patent Number 6,1 34,591. 

f. " Packet protocol for encoding and decoding video data and data 
flow signals and devices for implementing the packet protocol ," by Frink et al., 
U.S. Patent Application Publication Number 2003/0133448. 

g. " Efficient network multicast switching apparatus and methods ," by 
Mahajan et al., U.S. Patent Number 6,785,274. 

h. " Authenticated firewall tunneling framework ," by Brownell, U.S. 
Patent Application Publication Number 2002/0169980. 

100. Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to Nghi V Tran whose telephone number is 
(571 ) 272-4067. The examiner can normally be reached on Monday-Friday. 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Zarni Maung can be reached on (571) 272-3939. The fax 
phone number for the organization where this application or proceeding is 
assigned is 703-872-9306. 
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Information regarding the status of an application may be obtained from 
the Patent Application Information Retrieval (PAIR) system. Status information 
for published applications may be obtained from either Private PAIR or Public 
PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair- 
direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll- 
free). 
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